NON-REPUDIATION OF DIGITAL CONTENT




TECHNICAL FIELD 



The present invention generally relates to digital rights management (DRM) for
managing digital content provided over networks, and more particularly to methods,
equipment and systems used for monitoring usage of digital content by a client in a
DRM system.



BACKGROUND

The distribution of digital content or media data using modern digital communication
technologies is constantly growing, increasingly replacing the more traditional
distribution methods. In particular, there is an increasing trend of downloading or
streaming digital content from a content provider to a client or user, which then
typically renders the content using a rendering device according to some user rights, or
usage rules specified in a license associated with the digital content. Due to the
advantages of this form of content distribution, including being inexpensive, fast and
easy to perform, applications can now be found for distribution of all types of media
such as audio, video, images, electronic books and software.

However, with this new way of distributing digital media content comes the need for
protecting the content provider's digital assets against unauthorized usage and illegal
copying. Copyright holders and creators of digital content naturally have a strong
economic interest in protecting their rights, and this has led to an increasing demand
for digital rights management (DRM). DRM is generally a technology for protecting
the content provider's assets in a digital content distribution system, including
protecting, monitoring and restricting the usage of the digital content as well as
handling payment. A DRM system thus normally includes components for encryption,
authentication, key management, usage rule management and charging.

The most basic threats to a DRM system include eavesdropping, illegal copying,
modification of usage rules, and repudiation of order or delivery of content. Most of
these basic security problems are solved by standard cryptographic techniques,
including encryption, authentication and key management. However, what basically
distinguishes the security problems of a DRM system from other general security
problems is that not even the other end-part of the communication (the user) is
completely trusted. In fact, the end-user might want to try to fraudulently extend his
usage rights, for example rendering the media content more times than he has paid for
or illegally copying the digital content to another rendering device. Therefore, some
form of rule-enforcement is required in the client's rendering device. To this end, a
DRM agent implemented as tamper-resistant circuit in the rendering device and some
formal language expressing the usage rules are commonly used together with the basic
cryptographic techniques mentioned above.



However, while the DRM agent (at least theoretically) enforces the usage rules and
keeps the usage according to the license, it per se does not guarantee that the client
will not repudiate the usage of the digital content. For example, the client may have
paid to watch a downloaded movie three times, but claims that due to some
malfunctions he was only able to watch it twice. The client then disagrees with the
DRM agent in the rendering device about the number of renderings he has consumed.
This can easily escalate into a legal process, especially if it regards a high valued
digital content, for which the client has paid a large sum of money for the usage rights.

The prior art DRM systems and rendering devices incorporating DRM agents do not
provide any mechanisms to minimize the risk of disagreement between the client and
DRM agent, discussed above, or in the case it has happened, any mechanisms to
support the defense of DRM agent and thereby support the defense of the device
manufacturer and the DRM system manufacturer.

SUMMARY 

The present invention overcomes these and other drawbacks of the prior art

It is a general object of the present invention to provide a digital content usage
monitoring functionality in a DRM system.

It is another object of the invention to provide methods, equipment and systems for
deterring clients from repudiating usage of digital content received from a content
provider of a network.

Yet another object of the invention is to provide a client module incorporating a logging
agent for logging information of usage of received digital content.

A further object of the invention is to provide methods and systems for effectively and
flexibly downloading and implementing logging agents in client modules.

These and other objects are met by the invention as defined by the accompanying patent
claims.

Briefly, the present invention involves arranging or implementing a logging agent in a
client module used for using digital content ordered and received from a content provider
of a network, e.g. Internet or a wireless network for mobile communication. This logging
agent monitors the usage of the content, performed by the client, by logging information
concerning the usage individually for each usage to be monitored. The generated usage
information is then stored as a log entry in a dedicated log, either arranged in the client
module or provided externally by a trusted party, e.g. a network operator or the content
provider.

The usage performable by the client includes rendering or playing, saving, forwarding,
copying, executing and/or modifying the digital content. Usage rights or rules of the
relevant methods of client-usage to be monitored are preferably specified in a license
associated with the digital content.

By logging or recording information of client usage, the logging agent according to the
invention has a repudiation deterring effect on clients, lowering the risk that clients
violate usage rules of ordered digital content. The generated usage log can also be used if
a disagreement between the client and the content provider (through a DRM agent
implemented in the client module for enforcing usage according to the usage rules) is
present. By simply investigating the log, information about the actual number of usages
performed by the client, when they were performed, the usage quality obtained during
the rendering session (depending on what is included in the usage information) can be
retrieved and used to solve any issues.

The usage information includes elements, which concern the actual usage of the digital
content. The elements may comprise a representation of the digital content, e.g. the
associated file name or a fingerprint of the content, including the content itself or a hash
function thereof. In addition, information of usage quality may be included, e.g.
specifying the bandwidth and/or resolution of the content and/or the obtained sample rate
if the content is delivered as streaming data. The usage time of the content is preferably
also found in the information. The usage information may also be authenticated, e.g. by
an authentication tag, digital signature, message authentication, identifying from which
client the information is derived.



The logging agent is preferably implemented in software, hardware or a combination
thereof in a DRM agent of the client module, or in connection with a rendering device
associated with the module, and performs the actual rendering of the digital content. In
order to prevent an attacker from illegally accessing and modifying the generated usage
information, the information is preferably cryptographically protected using an
encryption key. The associated decryption key can then be stored at a trusted party.

The security of the logging agent is also increased by implementing it in a tamper-
resistant device, which preferably is removably arranged in the client module for
allowing the device, including the logging agent, to be moved between different client
modules. A preferred tamper-resistant module is a network subscription identity module
issued by the network operator, e.g. standard SIM cards used in GSM (Global System for
Mobile Communications) mobile telephones but also UMTS (Universal Mobile
Telecommunications System) SIM (USIM), WIM (Wireless Identity Module) and ISIM
(Internet Multimedia Services Identity Module) cards can be used. When implemented
on a SIM, the logging agent can use the authentication and cryptographic functions of the
SIM for use on the usage information. In addition, keys associated with the SIM
subscription can be used for performing usage information authentication and encryption.

The logging agent is preferably implemented in an application environment provided by
an application toolkit associated with the SIM, e.g. SIM Application Toolkit (SAT) or
UMTS SAT (USAT). The SIM may be pre-manufactured with the logging agent or the
logging agent may be securely (preferably authenticated and encrypted) downloaded
from a network operator associated with the SIM. Commands associated with the SIM -
client module interface are used for downloading and implementing the logging agent in
the application environment. The same commands can also be used for subsequently
receiving and implementing upgrades of the logging agent.

The logging agent according to the present invention may be arranged in any client
module adapted for receiving digital content of a network, including personal computers,
mobile units, e.g. mobile telephones, personal digital assistants or communicators.

The invention offers the following advantages:

- Provides strengthened defense for equipment manufacturer, network operator and
  content provider in a situation where a dispute is present, on whether usage of
  digital content by a client module actually has been performed or not.
- Deters clients from repudiating usage of the digital content according to usage
  rules associated with the content or by trying to violate the rules.
- From the end-user point of view, the invention provides flexible and upgradable
  implementation of logging agents, as well as "portability" between different
  client modules.
- A network operator can efficiently manage and upgrade logging agents
  connected to the network, and the invention also opens up new business
  possibilities for the operator acting as a trusted center for content distribution.
- Provides useful information of usage of digital content, performed by clients,
  which information can be used by content providers when deciding business
  models.



BRIEF DESCRIPTION OF THE DRAWINGS

The invention together with further objects and advantages thereof, may best be
understood by making reference to the following description taken together with the
accompanying drawings, in which:

Fig. 1 is an overview of a digital content ordering and distribution system
incorporating the relevant parties and their mutual relationships;

Fig. 2 schematically illustrates an embodiment of a client module according to the
present invention;

Fig. 3 schematically illustrates another embodiment of a client module according to
the present invention;

Fig. 4 is an illustration of a logging agent according to the present invention with
cryptographic and authentication functionality;

Fig. 5 is an overview of a log storing log entries with usage information of client-
usage of digital content;

Fig. 6 schematically illustrates yet another embodiment of a client module according
to the present invention;

Fig. 7 illustrates a tamper-resistant device comprising a logging agent according to
the present invention;

Fig. 8 is a flow diagram illustrating the steps of a monitoring method according to

Figs. 9A, 9B illustrate flow diagrams of embodiments performing one of the steps in
Fig. 8; and

Fig. 10 is a flow diagram illustrating the steps of a digital rights management method
according to the present invention.



DETAILED DESCRIPTION 

The present invention is generally applicable to digital rights management (DRM) used
in a digital content ordering and distribution system. In such an ordering
system, digital content or media is provided from a content provider to a client over a
network, e.g. Internet or a wireless network for mobile communication, managed by a
network operator. In order to facilitate understanding of the invention, a brief discussion
of the general functionalities of DRM follows. As was mentioned in the background
section, DRM is used for protecting the copyright holders' assets in a digital content
ordering and distribution system. In this system, DRM typically regards authentication
and key management, usage rights management and charging. These DRM
functionalities are implemented in DRM modules arranged in the relevant parties, i.e. for
example in a client module, in a server of the network operator and in a media or content
server of the content provider.

Starting with authentication and key management, authentication is used to identify the
parties in the digital content ordering and distribution process. Techniques well known in
the art, such as message authentication and digital signatures using cryptographic keys
[1], may be employed for authentication. In addition, techniques for marking or stamping
digital content so that it can be tracked during the delivery process and subsequent
usage may be used. Watermarking and fingerprinting are two techniques that usually
are employed for content marking. The DRM modules in the system also transport,
store and generate, in a secure way, cryptographic keys for use in the digital content
ordering and distribution process. The keys are employed for cryptographically
protecting messages, including the actual digital content, during the delivery over the
network.



The DRM modules also perform usage rule management and enforcement. The
ordered digital content is associated with a license or digital permit specifying the
client's usage rules and rights of the obtained digital media. This form of management
is about the digital content itself and deals with issues such as, who gets it, how is it
delivered, how may it be used (rendered, saved, forwarded, copied, executed and/or
modified), how many times may it be used, how long does the right last, who gets
paid, how much they get paid and how. Some or all of these issues are specified in the
license, which may be delivered together with the digital content. In order to describe
the usage rules, special languages called rights languages have been developed. Two
of the most prevalent rights languages used today are Rights Markup Language
(XrML) and Open Digital Rights Language (ODRL). In the client's rendering device,
the DRM module is implemented to ensure that the usage, most often the rendering,
follows what is described in the usage rules and to prevent repudiation of the digital
content usage.



Finally, charging management generally refers to the procedure of the actual payment
for usage of the digital content. Several different techniques are used, such as credit
card techniques for payment over Internet or payment through a subscription.

A digital content ordering and distribution system incorporating DRM functionalities is
schematically depicted in Fig. 1, which illustrates the relevant parties and their mutual
relationships. The system typically includes a client having access to a network through
an agreement, e.g. a subscription, with a network operator. This client-operator trust
relation is usually manifested in a cryptographic relationship, i.e. sharing symmetric keys
or having access to each other's public keys, if asymmetric cr^
relationship is also present between the network operator and the content provider, but in
the form of a business agreement. This agreement could be manifested by a similar key
sharing and/or key access as described for the client and network operator above.
However, between the client and the content provider, an induced trust relationship is
established each time the client obtains digital content from the content provider. This
induced trust is manifested in a session key used for cryptographically protecting the
digital content as it is transmitted to the client over the network.



In a typical content ordering and distribution process, the client firstly connects to the
network operator. The operator then authenticates the client and possibly verifies that the
client has a valid DRM agent for managing DRM metadata, such as usage rules,
encrypted data and keys, associated with the digital content. The client chooses digital
content or media and specifies some client-selectable usage rules to be valid for the
media, for example rendering the media a selected number of times or during a given
period of time. In the present description, digital content refers to digital data that can be
downloaded or streamed over a network for usage in a client module, and thus includes
for example audio, video, images, electronic books and other electronic text material as
well as software.



An order is then placed to the operator, which writes and encrypts a ticket specifying the
ordered content and the usage rules. The ticket is sent to the client, where the DRM agent
decrypts the ticket and extracts a session key from the received ticket. The ticket can be
decrypted by conventional cryptographic means, e.g. using a key of a symmetric or
asymmetric key pair associated with the client and the network operator. This decryption
key is preferably the client-operator subscription key, a special DRM key associated with
the DRM agent, or a key derived from these keys. The extracted session key will
eventually be used for decrypting the digital media from the content provider. The client
also receives a copy of the ticket encrypted with the operator-content provider agreement
key (or a key derived therefrom). This ticket copy is forwarded to the content provider,
where the session key is extracted. Thereafter, the content provider delivers the ordered
digital content cryptographically protected by the session key to the client, either as
downloaded data or streaming data. Finally, the DRM agent in the client decrypts the
digital content by the previously extracted session key. The digital content can be used,
e.g. rendered, in the client module or in associated device according to the usage rules.
Further information regarding DRM systems and ordering and distribution of digital
content can be found in [23].



The overall content ordering and distribution process discussed above is merely given as
a simplified example for conveying a general image of such processes. In order to
increase the security, more authentication and cryptographic steps may be introduced. In
addition, the client should pay for the ordered content, so billing and charging steps are
most often present in the ordering process. Such a charging may be performed by a
subscription to the network operator, by sending the client's credit card number to the
network operator or a dedicated billing institute, managing the charging of digital
content, or by some other means. In addition, the network operator may provide both the
network and the digital content and hence acts as both operator and provider at the same
time. However, the operator then typically has a dedicated content server and a dedicated
operator server, so that the parties illustrated in Fig. 1 are present although the network
operator also manages the content providing services. In some applications, e.g. WAP
(Wireless Application Protocol) applications, it is also possible that another client may
act as a content provider. However, the usage rules are then pushed to the content
receiving client from the network operator or the content provider.

The present invention is generally directed towards preventing or deterring the client
from repudiating usage of the ordered digital content according to the usage rules
associated with the content or by trying to violate the rules. For example, the client may
have been allowed, according to the license, to render a specific digital content twice, but
disagrees with the DRM agent in the client module that two renderings actually have
been performed. The present invention solves this by monitoring the usage of the digital
content and logging information concerning the usage individually for each usage to be
monitored. By logging or recording information of client usage, the invention has a usage
repudiation deterring effect on the client, lowering the risk that clients violate usage rules
of ordered digital content. The generated usage information can also be used if a
disagreement between the client and the content provider (DRM agent) is present. By
simply investigating the log, information about the actual number of usages performed
by the client, when they were performed, the quality obtained during usage sessions
(depending on what is included in the usage information) can be retrieved and used to
solve any issues.

In the present invention, usage of provided digital content is directed towards methods of
using the content by the client. This usage could include: rendering the content by the
client, for example play audio or video, display images or text and/or print the digital
content; saving the content on the client module or some other suitable media;
forwarding the digital content, for example to another client or client module; making
copies of the content; executing the code elements of the digital content (being in form of
software) and/or modifying the digital content. In a preferred application, the usage rights
or rules of the relevant methods of usage are specified in the license associated with the
digital content.

In the following, the embodiments of the present invention are described with usage of
digital content in the form of rendering of the content. A client module then incorporates
or is associated, e.g. directly or indirectly connected, with a rendering device or player
for rendering the digital content. However, as the skilled in the art understands, the
invention is not limited to rendering embodiments, but comprise any other method of
usage of the content by a client, including the usage described above. In such a case, the
rendering device is changed correspondingly to the relevant usage means, function or
device.

A client module according to the present invention is illustrated in Fig. 2. The client
module can be any form of appliance, which may order and obtain digital content over
a network, for example a personal computer (PC) or a mobile unit, including mobile
telephones, personal digital assistants or communicators. The module comprises
means for downloading or streaming the digital content from a content provider to the
module, where a rendering device or player renders the content. The rendering device
could be implemented in software, hardware or a combination thereof. Preferably, the
rendering device includes a media processor, which may be software-implemented, for
rendering the digital content using e.g. a screen or a loudspeaker, depending on the type
of digital content. The rendering device may be integrated into the mobile unit or PC,
but can also be provided as a stand-alone device, directly or indirectly connected
thereto.



The client module is also provided with a DRM agent for managing the DRM metadata
associated with the digital content. This DRM agent is implemented for decrypting
digital content obtained from the content provider using session keys and enforcing
rendering according to usage rules. At least a portion of this DRM functionality may be
implemented in the rendering device, where the actual content rendering is performed.
This rendering device associated DRM functionality could be managing for example
rule-enforcement and typically also decryption of the protected digital content prior
renderings thereof.



According to the present invention, a logging agent is provided in the client module,
preferably in the DRM agent, for monitoring usage, in this embodiment rendering, of the
downloaded or streamed digital content. This logging agent logs usage information
concerning renderings of the digital content individually for each rendering to be
monitored. The logging agent generates the usage information and sends it to storing
means for storage as a log entry in a log. This usage log may be arranged locally in the
client module or externally. In the former case, the log is preferably stored in such a way
that it is hard for an attacker to modify the usage information in the log. This could be
accomplished by storing the log in a tamper-resistant device, thereby being harder to
access and modify. Another solution could be to store the log somewhere in the client
module, where it is hard to locate for an attacker, and/or using a format of the log, which
gives no information or clue about its content. The locally stored log may be arranged in
the logging agent, in the DRM agent and/or somewhere else in the client module.
However, the usage information is preferably forwarded from the logging agent in the
client module to an external log provided by a trusted party. This trusted party could be
the network operator, the content provider or some other party, which the client and the
content provider both trust.

If the usage information is sent to an external log, the information may be forwarded as it
is generated. Usage information may instead be stored temporarily in the logging agent
and then forwarded intermittently to the log. The information could also be sent once all
renderings associated with a digital content have been consumed, i.e. when the number of
renderings specified in the usage rules have been consumed or when the allowed
rendering time has elapsed. In addition, the generated usage information may be sent
upon a request from the content provider and/or the network operator.

Two logs may also be used, one local log stored in the client module and one external log
stored at the trusted party.



The logging agent can be implemented in the client module in software, hardware or a
combination thereof. The client module may be pre-manufactured with the logging agent,
or the logging agent can be downloaded over the network from e.g. the network operator
and implemented in the client module, which is discussed in more detail below.

As was mentioned in the foregoing, the client module can also comprise two separate
units, one unit for performing the downloading or streaming of digital content and one
unit that actually renders the digital content, i.e. the rendering device. The downloading
or streaming unit may e.g. be a personal computer (PC) or mobile unit that stores the
received digital content in or on some suitable portable media, including floppy disks,
CD-ROM disks and DVD disks. The client may then move the portable media with the
digital content to the rendering device for rendering the content. It is also possible to
transmit the content from the downloading or streaming unit to the rendering device,
where it is received and finally rendered. Typical stand-alone rendering devices include
Mp3 players, CD players, DVD players, other mobile units or PCs.

Referring to Fig. 3, the logging agent can then be implemented in the rendering device,
preferably in a DRM agent of the rendering device. Then, the logging agent generates
usage information concerning renderings of the digital content individually and enters the
information as a log entry in a usage log. This log may be stored in the rendering device,
or arranged in the downloading or streaming unit of the client module, if using a stand-
alone rendering device, or externally arranged in a trusted party. In the latter cases, the
usage information is sent from the rendering device to the log for storage therein.



A typical implementation of a logging agent, illustrating its including elements, is shown
in Fig. 4. The logging agent comprises a generator for generating usage information
concerning usage of digital content individually for each usage. This generator receives
input data from the usage means, or more precisely from the DRM agent managing the
usage of the digital content. From this input, the information generator creates relevant
usage information, more of which below, and stores it temporarily in a cache or similar
temporary memory.



The usage information may then be cryptographically protected for preventing
unauthorized access thereto. An encryption engine may be arranged in the logging agent
or connected thereto for encrypting the usage information using an encryption key. The
encryption key may be a shared symmetric key, a copy of which is stored at a trusted
party, e.g. the network operator, content provider or some other trusted party.
Alternatively, an asymmetric key pair may be used for the usage information
encryption. The client module then comprises a public key of a trusted party together
with a certificate on the public key. The encrypted usage information can then only be
read by the trusted party using its private key for decryption of the cryptographically
protected information.



An authenticator for authenticating the usage information may also be provided in the
client module, e.g. in the logging agent. The authenticator may introduce an
authentication tag to the usage information, which is used to identify from whom the
information is derived. The tag could be a digital signature added to the information
using a private signing key of an asymmetric key pair. The associated public verification
key together with a certificate on the public key is stored at a trusted party. Also message
authentication, e.g. using symmetric keys as above for usage information encryption,
may be used to authenticate and identify the origin of the usage information.

One way to do this log authentication of the usage information is by letting the DRM
agent in the client module display a request on the user interface of the client module
when the usage associated with the client module has used digital content. This request
urges the client to confirm that a usage has been performed. In this case, in order to avoid
the situation of getting no response at all, the DRM agent may be implemented to
prohibit further usage of the digital content until a response, whether positive or negative,
to the authentication request is given. If a positive response is given, the usage
information is authenticated and stored as a log entry in the usage log. However, a
negative response, i.e. the client does not accept the usage as being successfully
performed nor that usage information should be entered in the log, may initiate different
activities of the DRM agent. The strategy for the DRM agent to follow could be fixed or
could be specified in the license associated with the digital content. In the latter case, the
content provider has the possibility to adjust the strategy to match the content and client
module properties. For example, for low value digital content, one or more extra usages
could be provided directly to a negative logging authentication response, while for a high
value digital content the DRM agent sends an automatic message to the content provider,
for the content provider to resolve the issue. Thus, in case this strategy is part of the
license, it will have to be protected from being presented to the client, as he/she then
could adapt his/her response strategy accordingly. Encryption of the strategy containing
part of the license could give this protection.

The key(s) used for cryptographically protecting and/or authenticating the usage
information could be subscription key(s) associated with the subscription between the
client and the network operator, or key(s) derived therefrom. For example, the client may
have a network subscription identification module, issued by the network operator,
arranged in the client module. This network subscription identification module in turn
comprises a key used for authenticating the client to the operator. Such a subscription key
could also be used for cryptographic protection and/or authentication of usage
information. Specific keys associated with the DRM agent in the client module and used
in the DRM system can also be used for encryption and/or authentication purposes
regarding the usage information. Also, subscription associated usernames and passwords
may be used in this context. If the client has one, or several IP addresses associated
thereto, such address(es) can be used for information authentication.



The generated and possibly encrypted and/or authenticated usage information is then sent
from a temporary cache memory either to a log stored in the client module or through a
forwarder adapted for forwarding usage information to an ext…

Fig. 5 illustrates a log and examples of usage information that can be found in a log
entry. As was mentioned in the foregoing, the log is stored either locally in the client
module and/or externally at a trusted party in some storage means or memory. If stored at
a trusted party, each log may be associated with a specific client, containing only usage
information from that client. It may, however, be possible to store usage information
from several different clients in one log. The information then preferably comprises some
form of authentication code, identifying from which client the information is derived,
more of which below.

The log entries in the log comprise usage information associated with usage, e.g.
renderings, of digital content by a client module. The usage information may include a
representation or description of the used digital content, e.g. a fingerprint identifying the
content or the file name associated with the content. Typically fingerprints could be the
content itself, a copy or portion thereof. Also a hash function of the digital content or a
portion thereof can be used to get a content representation. Another possible content
representation is a Universal Resource Identifier (URI), which specifies the address (and
possibly the name of the content) of the digital content, e.g. the address in the content
provider's server, from which the content can be fetched.



The usage information could also comprise information concerning the quality of the
content or usage of the content. This form of information can be used to check if the
usage has been performed according to the usage quality specified in the usage rules of
the license, i.e. the usage should have the quality the client actually has paid for.
Different quantities can be used to define and express rendering quality. Typical
examples are the bandwidth or the resolution of the digital content. Also the sample rate
of the digital content, if delivered as streaming data, can be used as a quality quantity.
The digital content itself or a representation thereof could also constitute a quality
quantity. For example, if the client orders and receives digital content specifying the
share price of a company, for the purpose of subscribing stocks in that company, it is
very important that the received content (share price) is correct and updated. In such a
case, the content, or a representation thereof, can be included as usage quality in the
usage information. If the client subsequently claims that he/she has received an incorrect
share price, the content provider can simply retrieve the share price, obtained by the
client, from the log.

Also information about usage quantity may be entered in the usage information. Such
quantity could specify how many usages of the digital content that have been performed
by the client, which methods of usage have been performed, and/or how many usages
remain according to the usage rules.



The usage information preferably comprises information about the usage time. Such a
time preferably specifies the time when the usage is completed, but could also or instead
specify the start time of the usage or some other time, during which the usage is ongoing.
In particular for rendering applications, but also for other methods of usage, the total time
that the usage (rendering) has carried on or proceeded could constitute valuable usage
information and can therefore be entered in the log. This total usage time is easily
measured or estimated using the DRM agent enabling usage of the digital content in the
client module.



As was mentioned above, the usage information preferably includes some form of client
authentication, identifying the client, especially when the log is stored externally. This
authentication may be an authentication tag, e.g. a digital signature or message
authentication, signed by the client specific key discussed in connection to Fig. 4. Instead
of using a dedicated authentication tag, the whole usage information may be encrypted
using an encryption and signing key, both cryptographically protecting and
authenticating the usage information. If the log is stored locally in the client module, the
need for an authentication tag or some other form of identifying information is somewhat
relaxed.
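The symmetric-key message authentication described above, as an added example that is not part of the patent text: a logging agent builds one log entry (content fingerprint, usage quality, usage time, client identity) and tags it with a key derived from the subscription key, and the trusted party checks the tag before accepting the entry. The field names, the use of HMAC-SHA256 for both derivation and tagging, and all sample values are assumptions of this example.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample values for illustration only.
SUBSCRIPTION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CLIENT_ID = "client-0001"
OTHER_CLIENT_ID = "client-0002"


def derive_log_key(subscription_key, label=b"usage-log-auth"):
    """Derive a separate log-authentication key from the subscription key.

    HMAC-SHA256 as the derivation function is an assumption of this example.
    """
    return hmac.new(subscription_key, label, hashlib.sha256).digest()


def fingerprint(content):
    """Content representation: a hash of the digital content."""
    return hashlib.sha256(content).hexdigest()


def canonical(fields):
    """Serialize deterministically so both sides authenticate the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def make_log_entry(key, client_id, content, usage, quality, completed_at, total_seconds):
    """Logging agent side: build one usage-log entry and attach the tag."""
    fields = {
        "client": client_id,
        "content_fp": fingerprint(content),
        "usage": usage,                  # e.g. render, save, forward, copy
        "quality": quality,              # e.g. resolution, bandwidth
        "completed_at": completed_at,    # time when the usage completed
        "total_seconds": total_seconds,  # total usage time
    }
    tag = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
    return {"fields": fields, "tag": tag}


def verify_log_entry(client_keys, entry):
    """Trusted party side: return the client id if the tag verifies, else None."""
    fields = entry["fields"]
    key = client_keys.get(fields.get("client"))
    if key is None:
        return None
    expected = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, entry["tag"]):
        return fields["client"]
    return None


def demo():
    """Verify a genuine entry, an altered entry and a re-attributed entry."""
    key = derive_log_key(SUBSCRIPTION_KEY)
    client_keys = {
        CLIENT_ID: key,
        OTHER_CLIENT_ID: derive_log_key(bytes.fromhex("ff" * 16)),
    }
    entry = make_log_entry(
        key, CLIENT_ID, b"constructed sample content", "render",
        {"resolution": "640x480", "bandwidth_kbps": 384},
        "2003-01-01T12:00:00Z", 215,
    )
    genuine = verify_log_entry(client_keys, entry)

    # The logged quality is changed after the fact.
    altered = copy.deepcopy(entry)
    altered["fields"]["quality"]["resolution"] = "320x240"
    tampered = verify_log_entry(client_keys, altered)

    # The entry is attributed to a different client.
    reassigned = copy.deepcopy(entry)
    reassigned["fields"]["client"] = OTHER_CLIENT_ID
    misattributed = verify_log_entry(client_keys, reassigned)
    return genuine, tampered, misattributed


if __name__ == "__main__":
    print(demo())
```

Because the trusted party holds the same key, a symmetric tag identifies the origin only towards that party; the digital-signature variant with a private signing key is the one a third party can check.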

In addition, the usage information according to the present invention is well adapted for
use with location-based service. Such services are provided by e.g. network operators,
which then also act as content providers. Typically location-based service includes
finding the nearest pub, restaurant, cinema, cash point, hospital, police station, etc. Also
the current distance and/or direction to the relevant requested location could be given. In
such applications, the usage information may include a representation of the location of
the client when ordering the location-based service possibly together with the received
digital content (direction, distance).

For games and other similar software digital content … client when he/she renders the
game can be included in the usage information. This may
be especially important in situations where the client, according to the usage rule, is
allowed to render the game a fixed number of times, but obtains one or several additional
free rendering if he/she achieves a certain score or level associated with the game. This
game score or level is then preferably entered in the usage log.

Furthermore, the entry in the usage log could comprise a record of information about the
DRM agent implemented in the client module. Such DRM record preferably gives
information that, and possibly how, the DRM agent is involved in the usage of the digital
content. Typical DRM relevant information could be a key, associated with the DRM
agent, or a key derived therefrom. From the DRM information it is then possible to
control and verify that the client module really includes a correct and certified DRM
agent. Thus, the usage information can provide a valuable source for continuously
controlling clients' DRM agents to detect any security flaws as early as possible.



The log entries can also comprise other information concerning usage of digital content,
such as specifying how the client has used the usage rights associated with the digital
content and how many and which usages of the content that remains according to the
usage rules.

The usage information can include all or some of the elements discussed above, or some
other information associated with content usage.



The logging agent arranged in the client module could be implemented for generating
usage information individually for each usage of digital content that is performed by the
client. In such a situation, each usage is monitored and information thereof is logged and
can be retrieved later for resolving disagreements of the client and content provider.
However, instead of monitoring and logging each usage, the logging agent could be
configured to monitor and log usage information for randomly selected usages. The
logging could also be performed intermittently for …

The most important issue here is that monitoring and logging of usage of digital content
should deter the client from repudiating usage of the content. By logging information
intermittently or randomly, the client is not aware of which usage that is logged and
therefore is deterred to repudiate the usage rules. If not every usage is logged, the client
preferably should not be allowed to know which usage that actually is logged and which
is not. In addition, the strategy used for logging usage information, for example which
usage actually should be logged and/or when it should be logged, can be specified in the
license associated with the received digital content.

Clients' usage information stored in logs can of course provide a high value source of
information about actual usage of digital content. Such information may have a potential
high value for content providers, when deciding business models, price of digital content,
etc. Since usage information from several clients may be stored together in one or several
logs at a trusted party, the content provider can then access the logs and use the
information stored therein as a statistical information source in the provider's work.

If the digital content is provided as streaming data, the content provider is on-line,
communicating with the client's rendering device during the rendering. In this
"on-the-fly" rendering, the transport of the content is typically made with an unreliable
protocol, such as User Datagram Protocol (UDP) [4]. Streaming data include digital
content being rendered in real time as it is received over a network. The data can also, at
least temporarily, have been buffered before the actual rendering takes place, which is
well known to a person skilled in the art. The monitoring of renderings and logging of
information thereof are in this case preferably made during the actual rendering. Thus,
during rendering of digital content, the logging agent in the client module intermittently
generates information concerning the ongoing rendering. For example, the logging agent
could be implemented to generate usage information every 30 seconds, every second
minute or some other time interval, periodically or not. The generated usage information
is then stored in a usage log, as discussed above. However, the usage information may
preferably also be sent to the content provider for confirming reception and rendering of
the streaming data. The content provider may be equipped with a DRM functionality that
receives this client usage information and only continues to stream data if usage
information is received within a predetermined period of time. Thus, the content provider
could terminate the streaming flow of digital content if no information is sent from the
client during the predetermined period of time.
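The provider-side rule described above, as an added example that is not part of the patent text: the content provider keeps streaming only while authenticated usage reports arrive within the predetermined period. The 60-second period, the report layout (sequence number and rendered position), the session key and the rejection of repeated sequence numbers are assumptions of this example.

```python
import hashlib
import hmac

SESSION_KEY = bytes.fromhex("0f" * 16)  # constructed sample key
REPORT_TIMEOUT = 60                      # seconds; assumed predetermined period


def report_tag(key, seq, position):
    """Tag over the report's sequence number and rendered position (seconds)."""
    return hmac.new(key, f"{seq}:{position}".encode(), hashlib.sha256).digest()


class StreamSession:
    """Content-provider side state for one streaming session."""

    def __init__(self, key, timeout, started_at=0):
        self.key = key
        self.timeout = timeout
        self.last_ok = started_at  # time of the last accepted report
        self.last_seq = -1
        self.active = True

    def on_report(self, now, seq, position, tag):
        """Accept a usage report only if it is authentic and newer than the last."""
        if not hmac.compare_digest(report_tag(self.key, seq, position), tag):
            return False  # tag does not match the session key
        if seq <= self.last_seq:
            return False  # an old report sent again does not count as fresh
        self.last_seq = seq
        self.last_ok = now
        return True

    def may_send(self, now):
        """Terminate the flow once no valid report arrived within the timeout."""
        if self.active and now - self.last_ok > self.timeout:
            self.active = False
        return self.active


def simulate(reports, end=200, tick=10):
    """Run the provider clock; return the termination time, or None.

    reports maps arrival time -> (seq, position, tag).
    """
    session = StreamSession(SESSION_KEY, REPORT_TIMEOUT)
    for now in range(0, end + 1, tick):
        if now in reports:
            session.on_report(now, *reports[now])
        if not session.may_send(now):
            return now
    return None


def honest_client():
    """Constructed timeline: a valid report every 30 seconds."""
    return {
        t: (t // 30 - 1, t, report_tag(SESSION_KEY, t // 30 - 1, t))
        for t in range(30, 181, 30)
    }


def stalling_client():
    """Constructed timeline: reports stop at t=90, then a repeat and a bad tag."""
    reports = {
        t: (t // 30 - 1, t, report_tag(SESSION_KEY, t // 30 - 1, t))
        for t in (30, 60, 90)
    }
    reports[120] = reports[90]           # the t=90 report sent again
    reports[150] = (4, 150, b"\x00" * 32)  # report with an invalid tag
    return reports


if __name__ == "__main__":
    print("honest client terminated at:", simulate(honest_client()))
    print("stalling client terminated at:", simulate(stalling_client()))
```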

In some streaming applications, the content provider intermittently sends transmitting
reports to the client. These reports may include information of the hitherto delivered
digital content. Such information may be the amount of data packages sent to the client
and/or the quality of the delivered content. When the client receives these transmitting
reports, he/she should respond by sending a receive report, accepting or rejecting that
what is included in the information actually has been fulfilled, e.g. that the specified
number of data packages actually have been received with the correct content quality.
The logging agent can then be implemented to include the generated usage information
in the receive reports. If no usage information is received by the content provider
together with the receive reports, the streaming flow of digital content could be
terminated, as in above.



In addition to, or as a complement to, terminating the stream flow of data, the logging
agent could include a notification in the usage information that the client refuses, or has
not, sent the usage information together with the receive reports to the content provider.

In addition, protocols used specifically for streaming digital data, such as the Real-Time
Transport Protocol (RTP) and the Secure Real-Time Transport Protocol (SRTP),
typically have a report mechanism, where the receiver of streaming data, i.e. the client,
intermittently or periodically sends a receive report of the accompanying RTP protocol to
the transmitter of the data, i.e. the content provider [5, 6]. The usage information
generated by the logging agent can then be included in and sent together with the receive
reports to the content provider. In addition, SRTP provides a general framework for
cryptographically protecting the reports. This SRTP encryption could be used also for
protecting the usage information as it is sent over the network. In SRTP it is also usually
mandatory to authenticate the feedback reports, and this authentication could easily be
extended by e.g. digital signatures for logging purposes.

In order to increase the security of the logging functionality in the client module, the
logging agent may be implemented in a tamper-resistant device, see Fig. 6. Such a device
makes it much harder for an attacker to access and modify the agent and thereby modify
the logging agent and/or the generated usage information. Also, the usage log can be
stored in the tamper-resistant device, thereby preventing easy access and modification by
the client thereof. The tamper-resistant device is preferably portable and removably
arranged in the client module. Such a device can then be moved between and used in
connection with different client modules. In such a case, the client module preferably
includes means for receiving and storing a license associated with received digital
content. In addition, an appender for appending the usage log to the license is preferably
arranged in the client module. This appender appends the log to the license so that when
the tamper-resistant module is moved to another client module, both the license and the
log accompany the device to the new client module. However, the appender preferably
should leave the license unchanged except appending the log thereto.

Fig. 6 illustrates an embodiment of a client module incorporating a rendering device, a
network communication unit and a tamper-resistant device. The network communication
unit implements a network communication protocol stack, thus enables downloading
or streaming of digital content from a content provider to the client. As for the
embodiments above, the rendering device comprises a media processor for rendering
digital content and, preferably, a DRM agent. Although not explicitly shown in Fig. 6,
a DRM agent is also preferably arranged in the tamper-resistant device. In such a case,
the logging agent can be implemented in the DRM agent associated with the
tamper-resistant device.



The client module can also be equipped with an input/output unit for, preferably,
connection to a local network and/or appliance, e.g. a stand-alone rendering device.
The network communication unit then principally manages reception/transmission of
digital content and other data over the remote network provided by the network
operator. Thus, other inputs and outputs than schematically illustrated in Fig. 6 could
be present in the client module.

The embodiment of the client module in Fig. 6 could be a mobile unit, e.g. a mobile
telephone. This offers an advantage compared to if the logging agent of the invention
is arranged in a computer. This advantage is manifested in a potentially increased
security against hacking, due to that the operating system platforms of computers, e.g.
Windows and Linux, are much more well known by the public than corresponding
platforms of mobile units, which thereby become harder to attack and modify.
Therefore, a logging agent according to the present invention is well adapted for
implementation in a mobile unit.

A particularly attractive solution is when the logging agent is implemented in a
tamper-resistant device issued by a party trusted both by the client and the content
provider. This trusted party could for example be the network operator, having a
contractual agreement with the content provider to provide its subscribers with client
modules. Such an operator provided tamper-resistant device could be a network
subscriber identity module (SIM). This network SIM can be a smart card read by a card
reader connected to the client module. Another solution is to use standard SIM cards used
in GSM (Global System for Mobile Communications) mobile units or any other network
SIM known to the art, including also UMTS (Universal Mobile Telecommunications
System) SIM (USIM), WIM (Wireless Identity Module) and ISIM (Internet Multimedia
Services Identity Module). However, also other cards having similar functionalities as
standard SIM cards, e.g. SIM cards used for banking transactions, could be provided with
a …



Besides being harder to hack, due to being a tamper-resistant device, the SIM could also
be used as a base for a charging mechanism that can be used for payment of digital
content in the DRM system.

Fig. 7 illustrates a tamper-resistant device in form of a network subscription module
incorporating a logging agent of the invention. The SIM of Fig. 7 is also provided with
an Authentication and Key Agreement (AKA) module, comprising algorithms, e.g. the
GSM A3/A8 AKA algorithms, for encrypting/decrypting data sent/received by the
mobile unit and for authenticating the client in the network. These AKA algorithms
typically use a SIM specific key, e.g. the subscription key associated with the
client-operator subscription, a key associated with the DRM agent implemented in the SIM,
or a key derived from these keys. It is also possible to use asymmetric cryptography
for authentication purposes. The algorithms of the AKA module can be used for
cryptographically protecting and/or authenticating the usage information generated by the
logging agent in the mobile unit. In such a case, the logging agent does not have to be
equipped with usage information encryption and/or authentication means, but can use the
AKA algorithms, or similar functions, already implemented on the SIM. The SIM is also
provided with a conventional input/output unit that parses commands sent to the SIM
and handles communication with the internal functions. Furthermore, resident
GSM/UMTS/WAP applications are implemented on the SIM. For more information on
SIM modules, reference is made to [7, 8].

The logging agent can be implemented in the SIM in software, hardware or a
combination thereof. The client module, or the SIM, could be provided with the
logging agent at or during manufacturing. Instead of using client module or SIM
pre-fabricated with a logging agent, the logging agent can be downloaded, e.g. from the
network operator or content provider, and be implemented in the client module or
SIM. This downloading solution is especially advantageous for implementing the
logging agent on the SIM. As the SIM - mobile unit interface typically is associated
with commands intended to send more or less arbitrary data to the SIM for use therein,
e.g. the "ENVELOPE" command for GSM SIM cards, the code for implementing the
logging agent on the SIM, e.g. as a general Java Applet application, could be sent
using such commands. The applet can be given various degrees of authorization to
access resident GSM/UMTS/WAP-related files, one possibility being to give it "full
GSM/UMTS/WAP access". The logging agent application sent by the command is
implemented in an application environment provided by an application toolkit
associated with the SIM. For a GSM SIM the application environment is provided by
SIM Application Toolkit (SAT), whereas the analogue of USIM is provided by UMTS
SAT (USAT). Thus, the SIM application toolkit thus enables the operator to either
"hardcode" or download, over the air, a logging agent application into the SIM
besides the default GSM/UMTS/WAP application. If the logging agent is downloaded
to the SIM application environment, it is preferred to authenticate the application
(logging agent) as coming from the right operator. Thus, this gives protection against
downloading "viruses" or incorrect logging agents from a malicious server. The
downloaded logging application can also be encrypted, e.g. with a SIM associated key,
so that the content thereof is not available outside the SIM. Further information of
SAT and USAT is found in reference [9-11] and [12], respectively.

If using a tamper-resistant device or SIM card, other than standard SIM cards for
mobile communication, its corresponding download commands and application
environment can be used for implementing a logging agent application therein.

Using an application environment implemented solution for the logging agent, or a
similar implementation solution, it is possible to upgrade functions of the logging
agent. This upgrade may e.g. concern a new storage location of the usage log, new
information included in the logging entries, etc. Such upgrades are then simply
downloaded using download commands, e.g. the ENVELOPE command, … with
the client module and implemented in the client module. This is an advantageous solution
if the logging agent is broken or "hacked", so that its code and/or secrets become
publicly known, e.g. on the Internet. Then, instead of changing all logging agent
containing client modules or tamper-resistant devices, including …
logging agent can simply be updated by downloading and implementing new upgrades,
e.g. new keys.

As is illustrated in Fig. 7, not only the logging agent but also the DRM agent is
preferably implemented in the application environment. This means that also other DRM
functions and applications can be upgraded through downloading.

The logging agent in the application environment generates the usage information and
stores it in a usage log. This log could, as was discussed above, be stored externally at a
trusted party, on the SIM and/or in the client module cooperating with the SIM. On the
SIM of Fig. 7, the log may be arranged in the application environment, e.g. in the DRM
or logging agent, or somewhere else on the SIM.



Fig. 8 schematically summarizes the usage monitoring method according to the present
invention. The method starts in step S1. In step S2 the client module uses, e.g. renders,
saves, forwards, copies, executes and/or modifies, digital content received from a content
provider of a network. Step S3 logs usage information concerning the usage of the digital
content individually for each usage to be monitored. The method then ends in step S9.

Fig. 9A illustrates the logging step S3 of Fig. 8 in more detail. Starting with step S4, a
logging agent arranged in the client module generates information regarding the usage. In
the optional step S7, the usage information is forwarded to a log and in step S8, the usage
information is stored as a log entry in the log. The method is then completed. Two
optional steps of the monitoring method are illustrated in the flow diagram of Fig. 9B.
The generated usage information from step S4 is cryptographically protected, by
encryption of the information using an encryption key in step S5. The encrypted
information may then be authenticated in step S6, thereby providing an identification
from which client the information is derived. The method then continues to step S7.

A DRM method according to the present invention is schematically illustrated in the flow
diagram of Fig. 10. The method starts in step S10. Step S11 provides digital content from
a content server to a client module over a network. In the client module the received
digital content is used and a logging agent according to the invention generates
information concerning the usage individually for each one of a set of client-usages. The
generated usage information is then received and stored as a log entry in a log in step
S12. The DRM method is then ended in step S13.

The embodiments described above are merely given as examples, and it should be
understood that the present invention is not limited thereto. Further modifications,
changes and improvements, which retain the basic underlying principles disclosed and
claimed herein are within the scope and spirit of the invention.

CLAIMS



1. A method of monitoring client-usage of digital content provided by a
content provider to a client module over a network, said method including the step of:
- logging usage information concerning the usage of said digital content
individually for each usage to be monitored.

2. The method according to claim 1, wherein said usage of said digital content
is defined as at least one of the items in the list of:
- rendering said digital content;
- saving said digital content;
- forwarding said digital content;
- copying said digital content;
- executing said digital content; and
- modifying said digital content.

3. The method according to claim 1, wherein said logging step in turn includes
the steps of:
- generating said usage information; and
- storing said usage information as a log entry in a usage log.

4. The method according to claim 1, further including the step of:
- cryptographically protecting said usage information by a protected key.

5. The method according to claim 1, further including the step of:
- performing authentication of said usage information.



6. The method according to claim 4, wherein said key is selected from the list
of:
- a public key, where an associated private decryption key is stored at a
trusted party; or
- a symmetric key common to said client module and a trusted party.

7. The method according to claim 5, wherein said authentication is performed
by a private key and an associated public decryption key is stored at a trusted party.

8. The method according to claim 5, wherein said authentication is performed
by a symmetric key common to said client module and a trusted party.

9. The method according to claim 5, wherein said authentication is performed
according to an authentication strategy specified in a license associated with said
digital content.

10. The method according to claim 1, wherein said usage information
comprises at least one of the items in the list of:
- a representation of said client-used digital content;
- usage quality information;
- time of usage of said digital content; and
- authentication element, identifying said client module.

11. The method according to claim 10, wherein said representation is a
fingerprint of said digital content.

12. The method according to claim 10, wherein said quality information
includes at least one of the items of the list of:
- bandwidth of said used digital content;
- sample rate of streaming said digital content; and
- resolution of said used digital content.

13. The method according to claim 1, further including the step of:
- forwarding said usage information from said client module to an external
trusted party.

14. The method according to claim 1, wherein said digital content is used by
means of a usage device in said client module, and said step of logging usage
information is performed by a logging agent associated with said usage device.

15. The method according to claim 14, wherein said logging agent performs
said logging step according to a logging strategy specified in a license associated with
said digital content.

16. The method according to claim 14, wherein said logging agent is a remotely
upgradable agent.

17. The method according to claim 14, wherein said logging agent is
implemented in a tamper-resistant module.

18. The method according to claim 17, wherein said usage information is stored
in said tamper-resistant module.

19. The method according to claim 17, wherein said tamper-resistant module is
a network subscriber identity module.

20. The method according to claim 19, wherein said logging agent is at least
partly implemented as an application in an application environment provided by an
application toolkit associated with said network subscriber identity module.

21. The method according to claim 20, wherein said logging agent application
is downloaded into said subscriber identity module from a network operator associated
with said subscriber identity module.

22. The method accoiding to claim 1, wberein said digital content is provided 
as streaming data over a network interconnecting the content provider and said client 
S module and said digital data is rendered by said client module, and said step of logging 
usage information includes the step of: 

for each on-going client-rendering of streaming data, intemuttoafly logging 
usage tnfozmati(m at several occasions. 

10 23. The method according to claim 22, ^cOiBriaduding the step o£ 

intermittently foiwanSng said intennittendy logged usage informatiott to 
said content provider for confimdoe reckon and rendering of the data. 

24. The melliod according to claim 23, wiieidn said content provider 
15 terminatBS the flow of streaming data to said ctient module if no usage information has 
been received during apredctennined period of time. 

24. The method accoidmg to claim 23, wherein said usage infotmatiott is 
inchided into receive reports associated with the report mechanism of the streaming 
20 protocol used for streaming said data. 

26. The method accordmg to claim 25, wherein said streaming protocol is the 
\- Secure Real-Time Trai»port Protocol (SRTP). 

27. The method according to claim 1, further including the steps of:

- receiving and storing a license from said content provider, said license
  specifying the usage rights of said digital content; and
- appending said log to said license.
28. Client module capable of using digital content provided by a content
provider over a network, said content-using client module including:

- logging agent for logging usage information concerning the usage of said
  digital content individually for each one of a set of client-usages.

29. The client module according to claim 28, wherein said logging agent in turn
includes:

- means for generating said usage information; and
- means for storing said usage information as a log entry in a usage log.

30. The client module according to claim 28, wherein said logging agent further
includes:

- means for forwarding said usage information to storage means of a trusted
  party for storage therein as a log entry in a usage log.

31. The client module according to claim 28, further including:

- usage device adapted for using said provided digital content; and
- digital rights management (DRM) module, at least partly implemented in
  said usage device, having functionality for enabling usage of said digital
  content.

32. The client module according to claim 31, wherein said usage device in turn
comprises at least one of the items in the list of:

- rendering means adapted for rendering said digital content;
- saving means adapted for saving said digital content;
- forwarding means adapted for forwarding said digital content;
- copying means adapted for copying said digital content;
- executing means adapted for executing said digital content; and
- modifying means adapted for modifying said digital content.
33. The client module according to claim 31, wherein said logging agent is
implemented in said DRM module.

34. The client module according to claim 28, further including:

- means for cryptographically protecting said usage information by a
  protected key.

35. The client module according to claim 28, further including:

- means for performing authentication of said usage information.



36. The client module according to claim 28, further including:

- a tamper-resistant module, in which said logging agent is implemented.

37. The client module according to claim 36, wherein said usage information is
stored in said tamper-resistant module.

38. The client module according to claim 36, wherein said tamper-resistant
module is a network subscriber identity module.

39. The client module according to claim 38, wherein said logging agent is at
least partly implemented as an application in an application environment
provided by an application toolkit associated with said network subscriber
identity module.

40. The client module according to claim 38, wherein said logging agent
application is downloaded into said subscriber identity module from a network
operator associated with said subscriber identity module.

41. The client module according to claim 28, further including:

- means for downloading upgrades of said logging agent.
42. The client module according to claim 28, further including:

- means for downloading said digital content from said content provider over
  a network.

43. The client module according to claim 28, wherein said digital content is
provided as streaming data over a network interconnecting the content provider
and said client module and said client module comprises means for rendering
said streaming data, and said logging agent is configured to, for each on-going
client-rendering of streaming data, intermittently generate usage information
at several occasions.



44. The client module according to claim 43, further including:

- means for intermittently forwarding said intermittently generated usage
  information to said content provider for confirming reception and rendering
  of the data.

45. The client module according to claim 44, wherein said usage information is
included into receive reports associated with the report mechanism of the
streaming protocol used for streaming said data.

46. The client module according to claim 45, wherein said streaming protocol is
the Secure Real-Time Transport Protocol (SRTP).

47. The client module according to claim 28, further including:

- means for receiving and storing a license from said content provider, said
  license specifying the usage rights of said digital content; and
- means for appending said log to said license, connected to said license
  storing means.
48. A digital rights management system including:

- means for providing digital content to a client module over a network;
- means for storing, for each one of a set of usages of said digital content by
  said client module, usage information concerning the usage of said digital
  content as a log entry in a usage log.

49. The system according to claim 48, wherein said usage of said digital
content is defined as at least one of the items in the list of:

- rendering said digital content;
- saving said digital content;
- forwarding said digital content;
- copying said digital content;
- executing said digital content; and
- modifying said digital content.

50. The system according to claim 48, further including:

- means for downloading a logging agent into said client module, said
  logging agent being operable, when executed in said client module, for
  generating, for each one of said client-usages, usage information concerning
  the usage of said digital content and forwarding said usage information to
  said storing means.



51. The system according to claim 48, wherein said digital content providing
means is configured for providing said digital content to said client module as
streaming data, said system further including:

- means for terminating the flow of streaming data to said client module if no
  usage information has been received during a predetermined period of time.

52. The system according to claim 48, further including:

- means for transmitting a license to said client module, said license
  specifying the usage rights of said digital content.
53. The system according to claim 48, wherein said usage information is
cryptographically protected by a protected encryption key, said system further
including:

- means for storing a decryption key associated with said encryption key; and
- means adapted for decrypting said encrypted usage information with said
  decryption key, connected to said key storing means.

54. The system according to claim 48, wherein said log is stored at a trusted
party providing said storing means.

55. A method of managing digital rights including the steps of:

- providing digital content to a client module over a network;
- storing, for each one of a set of usages of said digital content by said
  client module, usage information concerning the usage of said digital content
  as a log entry in a usage log.



56. The method according to claim 55, wherein said usage of said digital
content is defined as at least one of the items in the list of:

- rendering said digital content;
- saving said digital content;
- forwarding said digital content;
- copying said digital content; and
- modifying said digital content.

57. The method according to claim 55, further including the step of:

- downloading a logging agent into said client module, said logging agent
  being operable, when executed in said client module, for generating, for each
  one of said client-usages, usage information concerning the usage of said
  digital content and forwarding said usage information for storage in said
  log.
58. The method according to claim 55, wherein said digital content to said
client module as streaming data, said method further including the step of:

- terminating the flow of streaming data to said client module if no usage
  information has been received during a predetermined period of time.



59. The method according to claim 55, further including the step of:

- transmitting a license to said client module, said license specifying the
  usage rights of said digital content.

60. The method according to claim 55, wherein said usage information is
cryptographically protected by a protected encryption key, said method further
including the steps of:

- storing a decryption key associated with said encryption key; and
- decrypting said encrypted usage information with said decryption key.



61. The method according to claim 55, wherein said log is stored at a trusted
party.

62. A tamper-resistant device adapted for cooperation with a client module
capable of using digital content provided by a content provider, said
tamper-resistant device including:

- logging agent for logging usage information concerning the usage of said
  digital content individually for each one of a set of client-usages.

63. The device according to claim 62, wherein said usage of said digital content
is defined as at least one of the items in the list of:

- rendering said digital content;
- saving said digital content;
- forwarding said digital content;
- copying said digital content;
- executing said digital content; and
- modifying said digital content.

64. The device according to claim 62, wherein said logging agent in turn
includes:

- means for generating said usage information; and
- means for storing said usage information as a log entry in a usage log.

65. The device according to claim 62, wherein said logging agent further
includes:

- means for forwarding said usage information to storage means of a trusted
  party for storage therein as a log entry in a usage log.

66. The device according to claim 62, further including:

- means for cryptographically protecting said usage information by a
  protected key.

67. The device according to claim 62, further including:

- means for performing authentication of said usage information.

68. The device according to claim 62, further including:

- means for downloading upgrades of said logging agent.






69. The device according to claim 62, wherein said tamper-resistant device is a
network subscriber identity module.



70. The device according to claim 69, wherein said logging agent is at least
partly implemented as an application in an application environment provided by
an application toolkit associated with said network subscriber identity module.

71. The device according to claim 70, wherein said logging agent application is
downloaded into said subscriber identity module from a network operator
associated with said subscriber identity module.

72. The device according to claim 62, further including:

- means for receiving and storing a license from said content provider, said
  license specifying the usage rights of said digital content;
- means for appending said log to said license, connected to said license
  storing means.
ABSTRACT

The invention refers to methods, equipment and systems used to monitor usage of
digital content provided from a content provider over a network to a client
module. In the client module, a logging agent generates and stores information
concerning usage of the digital content individually for each usage to be
monitored. The generated information is entered in a usage log, either stored in
the client module or at a trusted party. The entries of the log may include a
representation of the content, information about usage quality, usage time
and/or authentication tag, identifying the client. The usage information is
preferably cryptographically protected. The logging agent is preferably
implemented in a portable tamper-resistant module, e.g. a network subscription
identity module. The module may be pre-manufactured with the logging agent, or
the agent can be downloaded thereto. The agent is preferably upgradable by
downloading and implementing new logging applications.

(Fig. 6)
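An added illustration, not part of the patent text: one way a logging agent could produce the log entries the abstract describes (content representation, usage quality, usage time, authentication tag) and how a verifier could detect altered or removed entries. The class and function names, the JSON entry layout, the sequence counter and the use of HMAC-SHA256 with a shared key are all assumptions made for this sketch.

```python
import hashlib
import hmac
import json

def _tag(key, entry):
    """HMAC-SHA256 over the canonical JSON of every field except the tag."""
    body = {k: v for k, v in entry.items() if k != "tag"}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class LoggingAgent:
    """Hypothetical agent inside the tamper-resistant module; the key never leaves it."""
    def __init__(self, client_id, key):
        self.client_id, self._key, self._seq, self.log = client_id, key, 0, []

    def log_usage(self, content, usage, quality, time):
        self._seq += 1
        entry = {
            "client": self.client_id,
            "seq": self._seq,                                # assumed counter: exposes removed entries
            "content": hashlib.sha256(content).hexdigest(),  # representation of the content
            "usage": usage,                                  # e.g. "render", "copy"
            "quality": quality,
            "time": time,
        }
        entry["tag"] = _tag(self._key, entry)                # authentication tag
        self.log.append(entry)
        return entry

def verify_log(key, log):
    """Return (index, reason) for every entry that fails verification."""
    problems, prev_seq = [], 0
    for i, entry in enumerate(log):
        if not hmac.compare_digest(str(entry.get("tag", "")), _tag(key, entry)):
            problems.append((i, "bad tag"))
            prev_seq += 1
            continue
        if entry["seq"] != prev_seq + 1:
            problems.append((i, "sequence gap"))
        prev_seq = entry["seq"]
    return problems

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"                       # constructed sample values
    agent = LoggingAgent("client-001", demo_key)
    agent.log_usage(b"constructed media bytes", "render", "high", 1000)
    print(verify_log(demo_key, agent.log))
```

Because the verifier holds the same key as the module, an HMAC tag authenticates entries to that verifier but does not by itself prove their origin to a third party; that would need a signature made with a key held only in the module.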